Validate response (e.g. status code and content type) #599

Open
kesselb opened this issue Feb 10, 2025 · 1 comment


kesselb commented Feb 10, 2025

updater/lib/Updater.php

Lines 495 to 509 in e73aa39

```php
$response = curl_exec($curl);
if ($response === false) {
    throw new \Exception('Could not do request to updater server: '.curl_error($curl));
}
curl_close($curl);
// Response can be empty when no update is available
if ($response === '') {
    return [];
}
$xml = simplexml_load_string($response);
if ($xml === false) {
    throw new \Exception('Could not parse updater server XML response');
}
```

`simplexml_load_string` expects a well-formed XML document.
We should use `curl_getinfo` to check for the status code and the content type before parsing it.
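One way to do the check proposed above, as an added example that is not part of the issue or the project's code. The helper name `parseUpdaterResponse`, the accepted content types and the sample responses are assumptions; in the request code the two values would come from `curl_getinfo($curl, CURLINFO_RESPONSE_CODE)` and `curl_getinfo($curl, CURLINFO_CONTENT_TYPE)`, read before `curl_close($curl)`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validates what curl_getinfo() reported before the body
// reaches simplexml_load_string(). The accepted content types are an assumption.
function parseUpdaterResponse(string $body, int $status, ?string $contentType): array {
    if ($status !== 200) {
        throw new \Exception('Updater server returned HTTP status '.$status);
    }
    // Response can be empty when no update is available (only trusted after the status check)
    if ($body === '') {
        return [];
    }
    // Drop parameters such as "; charset=utf-8" before comparing
    $mediaType = strtolower(trim(explode(';', (string)$contentType)[0]));
    if (!in_array($mediaType, ['application/xml', 'text/xml'], true)) {
        throw new \Exception('Unexpected content type from updater server: '.$mediaType);
    }
    $previous = libxml_use_internal_errors(true); // collect parser errors instead of emitting warnings
    $xml = simplexml_load_string($body);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if ($xml === false) {
        throw new \Exception('Could not parse updater server XML response');
    }
    $result = [];
    foreach ($xml->children() as $name => $value) {
        $result[$name] = (string)$value;
    }
    return $result;
}

// Constructed samples: [status, content type, body]
$samples = [
    [200, 'application/xml; charset=utf-8', '<update><version>0.0.0</version></update>'],
    [200, null, ''],
    [502, 'text/html', '<html><body>Bad Gateway</body></html>'],
    [200, 'text/html', '<html><body>Login required</body></html>'],
];
foreach ($samples as [$status, $type, $body]) {
    try {
        echo json_encode(parseUpdaterResponse($body, $status, $type)), "\n";
    } catch (\Exception $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Checking the status first also keeps an empty error response from being read as "no update available".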


come-nc commented Feb 10, 2025

#591 is about that I think
